Oracle released its first quarterly Critical Patch Update (CPU) of 2012 on Tuesday afternoon, addressing at least 78 security issues across its product lines.
In terms of raw numbers, Oracle’s MySQL database has the highest number of fixed flaws, coming in at 27. The Sun Product Suite has 17 security updates which includes updates to Solaris as well as the GlassFish Enterprise Server. Oracle’s Fusion Middleware is receiving 11 security updates, JD Edwards products are getting 8 fixes, and the Oracle E-Business Suite has 3 security fixes. Sitting near the bottom of the list is the Oracle Database Server, which is being patched for only 2 vulnerabilities — even though security researchers have informed Oracle of several additional high-priority security flaws.
“We were very surprised to see the record-low number of database vulnerability fixes in this latest CPU,” Alex Rothacker, Director of Security Research for Application Security Inc.’s TeamSHATTER told InternetNews.com. “While the number has been trending down over the past couple of years, it was a shock to see just two fixes and the continued lack of emphasis Oracle is placing on providing fixes for its DBMS.”